Anti-Executable 4.0

Pros
Prevents launch of any program, malicious or otherwise, that's not whitelisted. Can whitelist publishers of signed apps. Includes special modes to handle upgrades. Offers varying levels of user trust.

Cons
Pre-existing malware may get whitelisted in error. Doesn't block DLL-based malware by default. Enabling DLL management can slow system. Many ways for a user to cause configuration problems.

Bottom Line

No new program, malicious or valid, can run without your permission when Anti-Executable is on the job. This tool is more flexible than it used to be, and it's especially suited to business environments. Home users will have to decide whether it's too intrusive for them.

User Types
By default, the user account that installed Anti-Executable becomes the program's administrator. The administrator can select other user accounts and promote them to administrator or trusted user status. All other users are considered "external users."

I wanted to try the trusted user experience, so I configured my main user account to be a trusted user, not an administrator. Bad idea! As a trusted user I had no way to regain administrator status. The experts at Faronics saved my bacon. They explained that the overall Windows Administrator account is always granted administrator powers within Anti-Executable. That knowledge let me recover from this goof.

When an external user tries to launch a non-approved program, Anti-Executable pops up a message saying that the program "violates the acceptable use policy." The user can click the program name to view its entry in Faronics's online Identifile database, but he simply can't run the program.

An administrator or trusted user gets a slightly different warning dialog, one with buttons to allow running the program, or to both allow it and add it to the whitelist. If you've defined administrator and trusted user passwords, Anti-Executable will demand a password before taking action. Don't do this lightly. If you open the door to a virus, Anti-Executable won't stop you.

External users can't view the administrative console at all. Trusted users can turn protection on or off and edit the whitelists and blacklists. Administrators gain the added abilities to set status for other users, customize the image and message used in alerts, and configure Temporary Execution Mode.

Special Operating Modes
When Anti-Executable is placed in Temporary Execution Mode, all programs are allowed to run except those on the blacklist. This mode comes with a built-in countdown from 1 to 60 minutes; users get a 3-minute warning before it expires.

In this mode, you can install new programs without having to bloat the whitelist by actively adding every installer module and sub-module. Once this temporary mode expires, though, the installed program itself won't run until you whitelist it. By default, Temporary Execution Mode is available only to administrators. However, administrators can choose to let trusted users or even external users invoke it.

Anti-Executable has three major operating modes: enabled, disabled, and maintenance. Maintenance Mode allows administrators and trusted users to run major updates without interference from Anti-Executable. While this mode is active the program tracks all executables added to the system. If the administrator ends Maintenance Mode by switching protection to enabled, all the added executables get whitelisted. If the administrator sets protection to disabled those new executables won't run, as they don't get whitelisted.

Testing Protection
Testing with malware samples was pointless, if simple. Every single one was blocked, since it wasn't on the whitelist. Test complete!

Not all threats come in the form of executable files, though. I tried attacking the test system using the Core Impact penetration tool, just as I do when testing firewalls. Out of about two dozen exploits, Anti-Executable actively blocked exactly one. Specifically it blocked execution of an executable file dropped on the test system by the exploit.

None of the exploits penetrated security, because the test system is fully patched and not vulnerable. But seven exploits involving ActiveX controls and DLLs could in theory have gotten through to affect an unpatched system.

I ran into a problem testing Firefox-oriented exploits. Each time I launched Firefox I got the Mozilla crash report dialog. Checking the logs I found that Anti-Executable had blocked three .JAR files, preventing Firefox from loading. On seeing the logs the experts at Faronics deduced that Firefox had undergone an update without being in Maintenance Mode. They were right. As soon as I repeated the update in Maintenance Mode the problem was solved.

Not for Everyone
Anti-Executable has been around for a number of years, and its main concept hasn't changed. If a program is on the list, it runs; if not, it doesn't. Over time it has shed some features that users didn't need, like preventing deletion or copying of executables. And it's become more flexible, with features like Temporary Execution Mode, Maintenance Mode, and the ability to whitelist publishers. Even so, there are quite a few ways for the user to go wrong in dealing with its protection, as I found out during my evaluation.

In an office, where the computers are intended for very specific functions and don't change configuration much, this program will both keep out malware and keep the employees from installing unapproved software. Home users may find it a bit intrusive, despite its new flexibility. And of course it can't protect against social engineering attacks or attacks that don't use executables. My advice: take advantage of the 30-day trial and see how you like it.
